Hello,
On 09/19/2016 08:55 PM, yousifjkadom(a)yahoo.com wrote:
> Hi. I'm a new user of Linux. I'm on Linux Fedora 24 X64
> Cinnamon edition.
> I opened a thread in the Fedora help forum about how to achieve an Internet kill switch. Please look
> at the discussion within it at the following link:
> http://www.forums.fedoraforum.org/showthread.php?t=311476
> My user name in the Fedora help forum is User808 also.
> As you see from the thread, I'm not able to use command line iptables because it is
> difficult. I try my best but I can not.
> I have an idea to achieve an Internet kill switch from the GUI of firewalld & am not sure if it is
> correct or not. It seems that it is correct, or correct with a need for minor additions. My
> idea is this:
> After downloading VPN configuration files & setting up the VPN from network manager we do the
> following:
> 1) open the GUI of firewalld then change the default zone to = drop
> 2) open the GUI of the VPN from network manager & before connecting to the VPN we change (from the GUI
> of the VPN within network manager) the firewall zone setting of the VPN to either trusted or home.
> 3) connect to the VPN
> 4) after the end of the VPN session I have to disconnect from the VPN then reopen the GUI of firewalld to
> change the default zone back to = public so as to restore the normal Internet connection. Then
> restore the zone setting of the VPN from the GUI of the VPN in network manager to the default zone.
> Is this a valid way?

The drop zone is not limiting outgoing traffic. Therefore I do not think that
using the drop zone will help here. Output filtering in zones is planned for
one of the next releases. With this it should then be possible to add the
needed rules for the kill switch easily.
The panic mode will not let any packets through - incoming and outgoing.
The only way that I see to add the rules for the kill switch is with the direct
interface tracked pass-through rules. If the rules are added to the top of the
chains, then it should be possible to keep the other rule set as it is. But it
is then needed to make sure that the last line added of the block is one dropping
all traffic that shall not pass.
Regards,
Thomas
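
The approach described in the reply above, as an added example that is not part of the original thread and not firewalld project code: a shell function that prints the `firewall-cmd --direct` passthrough commands for an outbound kill switch, inserted at explicit positions at the top of the OUTPUT chain with a final DROP. The interface `tun0`, the server address `203.0.113.10` and `udp/1194` are assumed sample values, and the helper names are hypothetical.

```shell
#!/bin/sh
# Added example: generate firewalld direct passthrough rules for a VPN kill switch.
# Nothing is applied here; the commands are only printed so they can be reviewed.

# _ks_block ACTION FAMILY RULE...
# Numbers the rules 1..N so they land at the top of OUTPUT in the given order.
_ks_block() {
    action=$1 family=$2
    shift 2
    pos=0
    for rule in "$@"; do
        pos=$((pos + 1))
        echo "firewall-cmd --direct --${action}-passthrough $family -I OUTPUT $pos $rule"
    done
}

# killswitch_rules add|remove VPN_IF SERVER_IP PROTO PORT
killswitch_rules() {
    if [ $# -ne 5 ]; then
        echo "usage: killswitch_rules add|remove VPN_IF SERVER_IP PROTO PORT" >&2
        return 2
    fi
    case $1 in
        add|remove) ;;
        *) echo "action must be add or remove" >&2; return 2 ;;
    esac
    # IPv4: loopback, traffic through the tunnel, and the tunnel's own
    # transport to the VPN server are allowed; everything else is dropped.
    # SERVER_IP must be an address, since DNS lookups are dropped too.
    _ks_block "$1" ipv4 \
        "-o lo -j ACCEPT" \
        "-o $2 -j ACCEPT" \
        "-d $3 -p $4 --dport $5 -j ACCEPT" \
        "-j DROP"
    # IPv6: assumes the VPN server is reached over IPv4 only, so there is
    # no server exception and IPv6 cannot leak around the tunnel.
    _ks_block "$1" ipv6 \
        "-o lo -j ACCEPT" \
        "-o $2 -j ACCEPT" \
        "-j DROP"
}

# Stand-alone use (sample values are assumptions):
#   sh killswitch.sh add tun0 203.0.113.10 udp 1194
if [ $# -gt 0 ]; then
    killswitch_rules "$@"
fi
```

Run the printed commands as root to enable the kill switch, and print the `remove` variant to get the matching commands that take it out again.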